CVE-2023-5727
The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox 119,...
Security Vulnerabilities fixed in Firefox 119 — Mozilla
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header...
Mozilla Thunderbird < 115.4.1
The version of Thunderbird installed on the remote Windows host is prior to 115.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-47 advisory. - Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed...
Security Vulnerabilities fixed in Firefox ESR 115.4 — Mozilla
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. Drivers a...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox version 119, which originates from downloading .msix, .msixbundle, .appx, and .appxbundle files without an executable warning...
[SECURITY] Fedora 37 Update: python2.7-2.7.18-35.fc37
Python 2 is an old version of the language that is incompatible with the 3.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been...
CVE-2023-27133
TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...
PT-2023-20971 · Tsplus · Tsplus Remote Work
Name of the Vulnerable Software and Affected Versions: TSplus Remote Work version 16.0.0.0 Description: The issue is related to weak permissions for certain file types, including .exe, .js, and .html files, located under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This weakness may...
Exploit for Heap-based Buffer Overflow in Gnu Glibc
CVE-2023-4911 This is a PoC for CVE-2023-4911 "Looney Tunable...
CVE-2023-32973 QTS, QuTS hero, QuTScloud
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
A vulnerability in Git for Windows, the distributed version control system, involving doskey.exe allows an attacker to execute arbitrary code.
The vulnerability in Git for Windows, the distributed version control system, involving doskey.exe is related to an uncontrolled search path element. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Improper access control
A vulnerability has been identified in SINEC NMS All versions V2.0. The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges...
PT-2023-13009 · Sinec Nms · Sinec Nms
Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V2.0 Description: A vulnerability has been identified in the affected application, where it assigns improper access rights to specific folders containing executable files and libraries. This could allow an...
Siemens SINEC NMS Security Vulnerability
Siemens SINEC NMS is a network management system (NMS) from Siemens, Germany, that can be used 24/7 to centrally monitor, manage and configure industrial networks with tens of thousands of devices, including safety-related areas. The Siemens SINEC NMS suffers from an Incorrect Privilege Assignment...
CLSA-2023-1696880132 binutils: Fix of CVE-2020-19726
CVE-2020-19726: Fix parsing a corrupt PE format file...
CLSA-2023-1696879225 binutils: Fix of CVE-2020-19726
CVE-2020-19726: Fix parsing a corrupt PE format file...
UBUNTU-CVE-2023-43643
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...
CVE-2023-43643
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...
CVE-2023-43643 mXSS in AntiSamy
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...